Review of blockchain security ecology in 2021, global losses exceed 9.8 billion U.S. dollars

2021 was a year of ups and downs for the blockchain industry. Even so, thanks to its decentralized, open and transparent characteristics and the efforts of people both inside and outside the industry, blockchain achieved good results. At the same time, following DeFi, the worldwide enthusiasm of users and media for NFTs and the Metaverse has lifted blockchain to an unprecedented height. What happened this year? This article reviews the development of the blockchain market and the year’s typical security incidents.

Blockchain ecological security situation

  • Policy, compliance, supervision

From the perspective of the domestic environment, on the one hand, the government has increased its emphasis on the development and application of blockchain technology: the Ministry of Industry and Information Technology pointed out that by 2025 the service capabilities of blockchain and other facilities will be significantly enhanced. On the other hand, the government continues to tighten supervision. In September, multiple departments issued the “Notice on Further Preventing and Disposing of the Risks of Virtual Currency Trading Hype”, and the National Development and Reform Commission and other departments jointly issued the “Notice on Regulating Virtual Currency “Mining” Activities”. Relevant materials show that the blockchain-related policy documents issued at the national level in 2021 cover university scientific research, talent cultivation, technology application standards, intellectual property rights, digital agriculture, shipping and transportation, epidemic prevention and control, network security, social assistance, the digital cultural industry, and more.

From the perspective of the foreign environment, governments around the world continue to pay attention to cryptocurrency; supervision is gradually improving and policies are gradually loosening. The Financial Action Task Force, the global anti-money laundering body, released its latest regulatory guidelines for cryptocurrencies; Seoul, South Korea, will build a public-service “Metaverse Platform”; the Texas Virtual Currency Act has officially entered into force; Bitcoin has officially become legal tender in El Salvador; the Ukrainian Parliament passed a virtual assets bill; and so on.

It can be seen that governments around the world are paying more attention to blockchain. As an important part of the “new infrastructure”, blockchain is being embraced by more and more mainstream institutions.

  • Technology, application, economy

China’s “blockchain + industry” is also developing steadily, with new landed application projects constantly emerging. The country’s first blockchain intellectual property protection workstation was inaugurated; Guangdong Province issued the country’s first public data asset certificate. Giant companies have also joined the track: Huawei published patents on “Security Chips and Processing Methods”, Tencent Cloud’s blockchain team released three products, and Baidu filed new patents on “Blockchain system upgrade methods, devices, equipment and storage media”; the Metaverse Industry Committee of the China Mobile Communications Federation was formally established; China’s blockchain patent applications are the world’s largest, accounting for about 63%; and the Ministry of Commerce said it will promote the standardized application of new technologies such as blockchain.

In 2021 the underlying technology of the blockchain also achieved key breakthroughs. The Ethereum merge is expected in Q2 2022; Vitalik Buterin and others proposed EIP-4488 to reduce gas costs for Ethereum’s layer-2 scaling solutions; Arbitrum, an Ethereum layer-2 scaling solution, will launch a new WASM-based version, Nitro; and on August 5 Ethereum completed the London upgrade.

  • Security incident

Blockchain technology is a double-edged sword. While its decentralization, anonymity and tamper-resistance drive the industry forward, they also bring a significant increase in blockchain security issues. Cryptocurrency crime is diverse: money laundering, fraud, theft, drug trafficking and mining-related crimes occur frequently.

According to the incomplete statistics of SlowMist’s blockchain hacked archive, as of the date of publication there were 231 publicly disclosed blockchain security incidents in 2021, with losses exceeding 9.8 billion U.S. dollars.

(Chart: blockchain security incidents and losses in 2021)

(Source: hacked.slowmist.io)

Among them were 170 incidents involving ecosystem DApps and DeFi, 15 exchange incidents, 8 public chain incidents, 3 wallet incidents, and 35 incidents of other types.

(Chart: 2021 security incidents by category)

Since 2018, the overall loss trend has been rising.

(Chart: annual losses since 2018)

Below we review typical incidents and attach SlowMist’s view on each type of incident. Although this article covers only the tip of the iceberg, the cases are highly representative.

Security incidents and opinions

  • Public chain

BSV was 51% attacked

On August 4, BSV was suspected of having suffered a 51% attack, and nearly 100 blocks were reorganized.

ETC mainnet suffered a fork

On September 4, Ethereum Classic (ETC) tweeted that the ETC mainnet suffered a fork due to a vulnerability in the Ethereum client Geth.

Solana’s mainnet beta suffers a denial of service attack

On September 14, starting at 19:52 Beijing time, Solana’s mainnet beta began to show instability. On September 21, Solana released a preliminary overview of the outage: the network was offline for 17 hours with no loss of funds, and all functions were restored within 24 hours. The cause of the stall was a denial of service: at 12:00 UTC, Grape Protocol launched an IDO on Raydium, and transactions generated by bots congested the network. These transactions caused memory to overflow, crashing many validator nodes and forcing the network to slow down and eventually halt.

SlowMist’s view

Although public chain vulnerabilities cause relatively small direct losses, they have a huge impact on the entire chain’s ecosystem. A public chain must therefore undergo a professional security audit before going live. We recommend that public chain teams work with a credible, professional security team to deploy security measures tailored to their situation, minimizing the chance of security problems and thereby protecting the whole chain.

  • Exchange

Cryptopia is hacked again

On February 20, the New Zealand exchange Cryptopia was hacked again. Investigations revealed that the hacker had accessed a wallet that had been dormant since the hack in January 2019. The wallet belongs to Stakenet and is controlled by Grant Thornton, Cryptopia’s liquidator. According to the investigation, the dormant wallet held approximately USD 1.96 million worth of Xtake, Stakenet’s native token.

Liquid hot wallet attacked

On August 19, Japanese crypto trading platform Liquid stated that its hot wallet had been attacked. The SlowMist AML team used its MistTrack anti-money laundering tracking system to analyze the incident and calculated that Liquid lost a total of about 91.35 million US dollars (based on prices on the day of the incident). The stolen currencies included BTC, ETH, ERC20 tokens, TRX, TRC20 tokens, and XRP; more than 70 kinds of currencies were involved, a staggering amount.

SlowMist’s view

Exchange security has become the primary concern of both exchanges and users, and has even become the key to an exchange’s survival. In the fourth quarter of this year in particular, exchange after exchange was attacked, with very heavy losses.

Exchanges are frequently attacked for the following reasons: (1) exchanges hold large amounts of funds and have always been targets for hackers; (2) in most cases, exchanges have weak defenses and are prone to vulnerabilities, so hackers can penetrate them at their weak points; (3) users lack sufficient security awareness; (4) insider crimes.

For exchanges, we recommend that major exchanges improve their internal management and technical mechanisms and strengthen the security of digital assets by introducing security audit mechanisms, zero-trust mechanisms, and hot and cold asset security solutions, while actively embracing supervision. For users, strengthen your security awareness, never disclose your private key to anyone, and use only the official platform to avoid phishing.

  • Wallet

Ledger wallet leaks repeatedly

On June 18, Bitcoin hardware wallet provider Ledger warned users of a new series of scams using fake Ledger hardware wallets to defraud users of their assets. Some users whose information was leaked a year ago received packages asking them to replace their hardware wallet. The package contains a forged official letter and a tampered Ledger hardware wallet. Ledger stated that the letter’s claim that “you need to replace your existing hardware wallet to protect your funds” is a scam, and the “complimentary” Ledger Nano is fake as well. If the user enters their seed words as instructed in the letter, their crypto assets will be stolen.

Multiple Chivo wallets stolen

Chivo Wallet is the national digital wallet launched by the government of El Salvador on September 7 to implement the Bitcoin Law. To promote it, El Salvador promised users who download Chivo Wallet and verify their identity a $30 Bitcoin reward. This allowed El Salvador’s official wallet to exceed 2 million users within a month. However, between October 9 and October 14, the Salvadoran human rights organization Cristosal received 755 reports from Salvadorans that their Chivo wallet identity had been stolen.

SlowMist’s view

Although the number of incidents involving wallets themselves declined this year, the number of thefts caused by downloading fake wallet apps is huge. According to SlowMist’s November report, thefts via fake wallet apps number in the tens of thousands, with losses of up to 1.3 billion U.S. dollars. Building security awareness and using the right methods are what truly protect your assets. First, use the official website and do not click links from anywhere else; second, back up your wallet and keep your private key and mnemonic phrase safe; finally, stay suspicious: there is no free lunch.

  • DApp, DeFi, NFT, cross-chain

(1) ETH ecology

SushiSwap is attacked again

On January 27, SushiSwap was attacked again and lost 81 ETH. This attack was similar to SushiSwap’s first attack: both profited by manipulating the exchange price of trading pairs. This attack took advantage of the fact that DIGG had no WETH trading pair. The attacker created the pair and manipulated its initial price, causing huge slippage during the fee conversion process, so that by providing the initial liquidity with only a small amount of DIGG and WETH the attacker was able to obtain huge profits.
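The slippage mechanism described above can be seen in a small constant-product model. This is an added example and not SushiSwap’s code: the names Pair, convert_fee_unchecked and convert_fee_checked are hypothetical, and the reserves, fee amount and reference price are constructed. It contrasts a fee conversion that blindly sells through whatever pair exists with a defensive variant that refuses thin or mispriced pairs.

```python
"""
Constant-product (x*y=k) pair model used to show why routing a fee
conversion through a freshly created, thinly funded pair loses almost all
of its value to slippage, and what a defensive check looks like.
Added example; not SushiSwap's code. Pair, convert_fee_unchecked and
convert_fee_checked are hypothetical names, and all numbers are constructed.
"""
from dataclasses import dataclass
from typing import Tuple

FEE_BPS = 30  # 0.3% swap fee, as in Uniswap-v2-style pairs


@dataclass
class Pair:
    reserve_in: float   # reserve of the token being sold (think DIGG)
    reserve_out: float  # reserve of the token being bought (think WETH)

    def spot_price(self) -> float:
        """Units of the out-token per one in-token implied by the reserves."""
        return self.reserve_out / self.reserve_in

    def swap_exact_in(self, amount_in: float) -> float:
        """Sell amount_in and return amount_out under x*y=k with a 0.3% fee."""
        amount_in_with_fee = amount_in * (10_000 - FEE_BPS)
        amount_out = (amount_in_with_fee * self.reserve_out) / (
            self.reserve_in * 10_000 + amount_in_with_fee
        )
        self.reserve_in += amount_in
        self.reserve_out -= amount_out
        return amount_out


def convert_fee_unchecked(pair: Pair, fee_amount: float) -> float:
    """Flawed behaviour: sell protocol fees through whatever pair exists.

    Against a pair someone else just created with dust reserves, almost the
    whole fee stays in the pool as reserve_in and the protocol gets back
    only dust; the pair's liquidity provider can then withdraw it.
    """
    return pair.swap_exact_in(fee_amount)


def convert_fee_checked(
    pair: Pair,
    fee_amount: float,
    reference_price: float,
    min_reserve_in: float,
    max_deviation: float = 0.05,
) -> Tuple[bool, float, str]:
    """Defensive variant: refuse pairs that are too thin or mispriced.

    reference_price is an externally sourced price (for example a TWAP or an
    oracle; constructed here). Returns (accepted, amount_out, reason).
    """
    if pair.reserve_in < min_reserve_in:
        return False, 0.0, "insufficient liquidity"
    deviation = abs(pair.spot_price() - reference_price) / reference_price
    if deviation > max_deviation:
        return False, 0.0, "spot price deviates from reference"
    return True, pair.swap_exact_in(fee_amount), "ok"


# Constructed scenario: 1 DIGG is worth 1.5 WETH on a healthy market.
REFERENCE_PRICE = 1.5
FEE_TO_CONVERT = 10.0  # DIGG collected as protocol fees


def healthy_pair() -> Pair:
    return Pair(reserve_in=1_000.0, reserve_out=1_500.0)


def attacker_seeded_pair() -> Pair:
    """Dust-funded pair created at a price of 1 WETH per DIGG."""
    return Pair(reserve_in=0.001, reserve_out=0.001)


def demo() -> dict:
    """Run the fee conversion against both pairs and return the outcomes."""
    thin_out = convert_fee_unchecked(attacker_seeded_pair(), FEE_TO_CONVERT)
    ok_thin, _, reason_thin = convert_fee_checked(
        attacker_seeded_pair(), FEE_TO_CONVERT, REFERENCE_PRICE, min_reserve_in=100.0
    )
    ok_healthy, healthy_out, _ = convert_fee_checked(
        healthy_pair(), FEE_TO_CONVERT, REFERENCE_PRICE, min_reserve_in=100.0
    )
    return {
        "unchecked_thin_out": thin_out,          # about 0.001 WETH for 10 DIGG
        "checked_thin_accepted": ok_thin,        # False: pair rejected
        "checked_thin_reason": reason_thin,
        "checked_healthy_accepted": ok_healthy,  # True
        "checked_healthy_out": healthy_out,      # about 14.8 WETH for 10 DIGG
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unchecked conversion turns 10 DIGG into roughly a thousandth of a WETH, leaving the DIGG in a pool the attacker alone provides liquidity for; the checked variant rejects the dust pair on reserves alone and only trades through the healthy one. A minimum-liquidity floor and a deviation check against an external price are the two cheapest guards for any contract that sells tokens through a pair it did not create.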

$12.15 million recovered after SIL was stolen

On March 19, a high-risk vulnerability appeared in the contract of DeFi financial services project SIL.Finance. SIL.Finance later issued a statement that the incident was caused by a vulnerability in the smart contract’s permissions, which triggered a generic front-running bot to submit a series of profitable transactions. After finding that funds could not be withdrawn from the contract because of the high-risk vulnerability, SlowMist and others succeeded, after 36 hours of effort, in recovering USD 12.15 million.

(2) BSC ecology

Compound bugs and proposals

On September 30, the decentralized lending protocol Compound confirmed via Twitter that, after Proposal 62 was executed, the protocol’s liquidity mining was distributing COMP tokens abnormally; Compound Labs and community members were investigating. Compound said that no deposits or borrowed funds were found to be at risk. Compound founder Robert Leshner said the problem appeared to be an error in the initial setting of the COMP distribution rate under Proposal 62, resulting in too many COMP tokens being distributed. On October 4, while Compound was still trying to fix the vulnerability, a call to the drip() function sent another 202,472 COMP (worth US$68.8 million) into the liquidity mining distribution contract that still contained the bug.

Three attacks on Cream Finance

On October 27, the DeFi lending protocol Cream Finance was attacked and lost approximately US$130 million. The stolen funds were mainly Cream LP tokens and other ERC-20 tokens. It is reported that this is the third largest DeFi hack in history. In addition, Cream Finance had already suffered several flash loan attacks, losing 37.5 million U.S. dollars in February and another 19 million U.S. dollars in August.

(3) EOS ecology

flash.sx smart contract suffered a reentrancy attack

Starting at 11:28 UTC on May 14, the flash.sx flash loan smart contract was hit by a reentrancy attack, and approximately 1.2 million EOS and 462,000 USDT were stolen. According to official sources, after EOS Nation’s Flash Loan was hacked, the project team initiated a proposal to directly change the permissions of the hacker’s EOS account and return the assets.

PIZZA was hacked

At 8 pm on December 8, the hacker account itsspiderman used an overflow vulnerability to mint additional tripool market-making tokens in eCurve, then pledged them in PIZZA and borrowed most of the tokens in the protocol. Afterwards, the hacker created more than 1.3 million accounts to disperse the stolen assets. The PIZZA protocol’s loss in this attack is approximately 5 million U.S. dollars.

(4) Polygon ecology

Algorithmic stablecoin project SafeDollar was attacked

On June 28, SafeDollar, an algorithmic stablecoin project on Polygon, was suspected of being hacked; an unverified contract appeared to have drained 250,000 USD in USDC and USDT.

PolyYeld Finance contract exploited

The yield farming protocol PolyYeld Finance was attacked: the project’s contract was exploited to mint 4.9 trillion YELD tokens, which were dumped on the secondary market.

(5) HECO ecology

HSO takes away 30,000 HT and runs away

On March 10, the oracle project HSO on Huobi ECO Chain (HECO) held an IDO and then ran away with 30,000 HT; its website and Telegram could no longer be opened. Later, with the full support of the HECO core code contribution team Star Labs, the HECO technical community and the HECO White Hat Security Alliance, 24,823 HT were recovered.

XDX Swap was attacked

On July 2, XDX Swap, on the Heco chain’s cross-chain decentralized exchange DDEX, was attacked. The attacker profited 85.17 ETH (approximately $176,000) and bridged it to Ethereum. The DDEX code appears to contain a backdoor. With the support and cooperation of DDEX, Star Labs and the HECO White Hat Security Alliance, XDX Swap has successively recovered most of the funds involved, with a total value of more than 5 million US dollars.

(6) Other ecology

NEAR ecosystem’s Ref.Finance exploited due to a contract error

On August 15, the Ref.Finance team in the NEAR ecosystem tweeted that at around 2pm UTC on August 14 they noticed abnormal behavior in the REF-NEAR trading pair and then discovered an error in the patch of the recently deployed contract. The error was exploited by multiple users and affected approximately 1 million REF and 580,000 NEAR.

Solana ecosystem’s Solend attacked by hackers

On August 19, the Solana lending protocol Solend tweeted that it was hacked at 20:40 Beijing time on August 19. The attacker exploited an insecure identity check in the UpdateReserveConfig function, which allowed them to liquidate all accounts. The hacker also set the borrow APY to 250%. During this period, the funds of 5 users were mistakenly liquidated. Solend said no funds were stolen in the attack, and that it will increase its bug bounty and build a better monitoring and alerting system.

Polkatrain’s IDO platform arbitraged

On April 5, an incident occurred on Polkatrain’s IDO platform. According to SlowMist’s analysis, the contract in question was the Polkatrain project’s POLT_LBP contract. The contract has a swap function and a rebate mechanism: when a user purchases PLOT tokens through the swap function, they receive a certain rebate, which the contract’s _update function sends to the user by calling transferFrom. Because the _update function neither sets a maximum rebate amount per pool nor checks whether the total rebates have been used up, a malicious arbitrageur can call the swap function repeatedly to exchange tokens and drain the contract’s rebate rewards.
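The two missing checks in that description (a per-pool rebate ceiling and an "is the budget exhausted" test) are easy to model. The following is an added example written for this review, not the Polkatrain project’s POLT_LBP contract: RebatePool, rebate_budget, REBATE_RATE and run_repeated_swaps are hypothetical names, and the balances, rate and swap amounts are constructed. The same _update and swap names from the text are kept so the flawed path and the capped path can be compared side by side.

```python
"""
Model of a swap-with-rebate pool, written to illustrate the missing checks
described in the Polkatrain incident. Constructed Python model, not the
project's POLT_LBP contract; RebatePool, rebate_budget, REBATE_RATE and
run_repeated_swaps are hypothetical names and all numbers are made up.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

REBATE_RATE = 0.05  # hypothetical: 5% of each purchase is paid back as rebate


@dataclass
class RebatePool:
    """Pool that sells tokens and pays a rebate on every swap.

    With capped=False the pool behaves like the flawed contract: _update pays
    a rebate without a per-pool maximum and without checking whether the
    rebate budget is already used up, so repeated swaps keep draining the
    rebate balance. With capped=True both missing checks are applied.
    """
    rebate_balance: float   # tokens held for paying rebates
    rebate_budget: float    # maximum total rebate this pool may ever pay
    capped: bool
    total_rebated: float = 0.0
    payouts: List[Tuple[str, float]] = field(default_factory=list)

    def _update(self, user: str, amount_in: float) -> float:
        """Compute and transfer the rebate for one purchase; returns the amount paid."""
        rebate = amount_in * REBATE_RATE
        if self.capped:
            # Check 1: stop paying once the pool's rebate budget is exhausted.
            remaining = self.rebate_budget - self.total_rebated
            if remaining <= 0:
                return 0.0
            # Check 2: never pay more than what is left of the budget.
            rebate = min(rebate, remaining)
        if rebate > self.rebate_balance:
            # the transferFrom would fail here; model it as no payout
            return 0.0
        self.rebate_balance -= rebate
        self.total_rebated += rebate
        self.payouts.append((user, rebate))
        return rebate

    def swap(self, user: str, amount_in: float) -> float:
        """User buys tokens with amount_in and receives a rebate.

        The token purchase itself is not modelled; only the rebate accounting
        that the incident description concerns.
        """
        return self._update(user, amount_in)


def run_repeated_swaps(capped: bool, swaps: int = 1000, amount: float = 100.0) -> float:
    """Call swap repeatedly from one account and return the total rebate paid.

    Uncapped, the total grows with the number of calls until the rebate
    balance is empty; capped, it can never exceed rebate_budget.
    """
    pool = RebatePool(rebate_balance=10_000.0, rebate_budget=500.0, capped=capped)
    for _ in range(swaps):
        pool.swap("repeat-caller", amount)
    return pool.total_rebated


if __name__ == "__main__":
    print("uncapped total rebate:", run_repeated_swaps(capped=False))  # 5000.0
    print("capped total rebate:  ", run_repeated_swaps(capped=True))   # 500.0
```

The invariant an audit would want to see is that total_rebated never exceeds the pool’s budget regardless of how many times swap is called, which is exactly what the capped path enforces and the uncapped path cannot.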

Funds stolen from Avalanche on-chain lending protocol Vee.Finance

On September 20, the team of Vee.Finance, a lending protocol on the Avalanche chain, noticed multiple abnormal transfers. Further monitoring showed that a total of 8,804.7 ETH and 213.93 BTC were stolen (total value over 35 million U.S. dollars). The stablecoin portion was not affected by this attack.

GrimFinance on Fantom chain hit by flash loan attack

On December 19, GrimFinance, a yield compounding platform on the Fantom chain, suffered a flash loan attack with losses exceeding 30 million U.S. dollars. The attacker exploited the function named “beforeDeposit()” in GrimFinance’s vault strategy by passing in a malicious token contract.

(7) Cross-chain system

THORChain, a cross-chain transaction protocol, was attacked three times

On June 29, THORChain was hit by a “fake deposit” attack and lost nearly 350,000 U.S. dollars; on July 16, THORChain was hit by a second “fake deposit” attack and lost nearly 8 million U.S. dollars; on July 23, THORChain was attacked a third time, again losing nearly 8 million U.S. dollars.

The theft of the cross-chain bridge Chainswap affects multiple platforms

On July 11, the cross-chain bridge project Chainswap was hacked again. The tokens of more than 20 projects that had deployed smart contracts on the bridge were stolen. The total loss is estimated at 4 million U.S. dollars, which in terms of scope of impact is nearly the largest security incident in DeFi history. According to Chainswap’s investigation, the cause was an error in the token cross-chain quota code: the on-chain swap bridge quota is increased automatically by the signing nodes, the intent being to be more decentralized and avoid manual control; but because of a logic flaw in the code, the quota was also automatically increased for invalid addresses that were not whitelisted. Earlier, on July 2, Chainswap had also been hacked: some users’ tokens were withdrawn from wallets that had interacted with ChainSwap, with an estimated total loss of US$800,000.

Poly Network returned $610 million after being stolen

The Poly Network attack on August 10 may be the largest cybersecurity incident in the industry’s history: more than $610 million in crypto assets were stolen and then returned within 15 days. The entire blockchain industry and all parties involved went through this roller coaster together with Poly Network. At present, all assets involved have been returned to users, and system functions have basically been restored to their pre-incident level.

(8) NFT

NFT fraud spreads

On August 2, a scammer using the name “cryptopunksbot” posted on the CryptoPunks Discord server offering NFT investors a chance to win 10 NFT avatars. Stazie, the founder of an NFT project, lost 16 CryptoPunks worth at least US$1 million after falling for the fake post. The fraudster then sold 5 of the CryptoPunks for 149 ETH ($385,000).

SlowMist’s view

Since the birth of DeFi it has been accompanied by countless risks. Although the value of many DeFi projects has multiplied explosively, hacking incidents have intensified as well. According to SlowMist’s statistics, attacks on DeFi usually take the following forms: (1) flash loan attacks; (2) contract vulnerabilities; (3) compatibility or architecture issues; (4) private key leakage or front-end attacks; (5) insider crimes and rug pulls.

For project teams that want to eliminate vulnerabilities and reduce security risks as much as possible, the effective effort is to conduct a comprehensive and in-depth security audit before the project goes live. We also recommend that all DeFi projects increase asset protection by introducing a multi-signature mechanism. Furthermore, when DeFi protocols interact with each other, compatibility between the protocols must be handled properly: when porting code from another protocol, developers need to fully understand both that protocol’s architecture and their own project’s design in order to prevent loss of funds. For users, as the ways of participating in the blockchain field become more and more diverse, users should carefully research a project’s background before investing, check whether the project is open source and whether it has been audited, and remain vigilant about project risk while participating.

Other types

  • Ransomware

On May 7, Colonial Pipeline, the largest oil and gas pipeline operator in the United States, was forced to suspend operations by a targeted ransomware attack. It then paid 75 bitcoins, a ransom worth more than 4 million U.S. dollars, to get operations back to normal. Because the attack involved national critical infrastructure, it caused a global shock and widespread concern. In response, officials from the US Department of Justice stated that they had successfully recovered more than US$2 million of the ransom. However, US government officials did not explain in detail how the private key was obtained and the ransom recovered, saying only that the action shows the United States will spare no effort in responding to ransomware attacks.

  • Fraud

On August 20, the founder of one of Russia’s largest cryptocurrency scams was imprisoned for allegedly defrauding investors of more than 1.5 billion U.S. dollars. Finiko was established in Kazan in 2019 and posed as a legitimate BTC investment company. In December 2020, Finiko released its native cryptocurrency FNK. According to local reports, the founders took BTC from investors and rewarded them with FNK tokens.

  • Phishing

On October 15, Sophos released a report stating that the crypto scam app CryptoRom stole 1.4 million U.S. dollars by abusing “super signature” services and Apple’s Developer Enterprise Program. To date, Bitcoin addresses linked to the scam have sent more than $1.39 million, and there may be more addresses involved. According to the report, most of the victims are iPhone users. The report states that CryptoRom bypassed all App Store security checks and remains active every day. It also says Apple “should warn users installing apps through temporary distribution or through the enterprise provisioning system that these apps have not been reviewed by Apple.”

SlowMist’s view

As blockchain develops vigorously, new investment scams under the name of blockchain have sprung up like bamboo shoots after rain. Taking ransomware as an example, a report from the Financial Crimes Enforcement Network of the US Department of the Treasury pointed out that ransomware-related transactions in the first half of 2021 reached US$590 million. SlowMist reminds users not to open email attachments of unknown origin, to carefully identify phishing websites, to always maintain a skeptical and cautious attitude, and to make effective use of anti-virus software.

Summary

Although the market value of many cryptocurrencies, led by BTC, has repeatedly hit new highs, and the blockchain industry’s development trend keeps improving, cryptocurrency crime has also become more rampant. From the statistics, the months with the most security incidents and largest losses were mainly April, June and August; by ecosystem, Ethereum had the most losses, exceeding 1.3 billion U.S. dollars, followed by BSC; by attack target, exchanges and DeFi were attacked most.

For project teams, we recommend improving internal management and technical mechanisms, with internal security personnel promptly checking for gaps in security-related matters. The most important and effective measure is a comprehensive and in-depth security audit before the project goes live, to minimize the possibility of security problems.

For users, treat blockchain correctly and rationally, establish sound views on currency and investment, and effectively improve risk awareness. For example, before investing, check whether the smart contract is open source and whether the platform itself has had a security audit; most importantly, keep your private key and mnemonic phrase safe and never disclose them to anyone.

Finally, we look forward to a new year in which blockchain bursts with greater energy, more landed applications, and greater value creation.

Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/review-of-blockchain-security-ecology-in-2021-global-losses-exceed-9-8-billion-u-s-dollars/